Release Notes

Updated to remove deprecation references in 1.8.3, tested against stock 1.8.3.


Do not use in 1.7

  • Awesomeness. Thanks, Justin. Been waiting for the new release.

  • Please let me know how it works -- it needs much testing. We're in the midst of a transition to 1.8 here, so this is the first time I've had a chance to really go over this code and try to make it work properly with all of the things that 1.8 changed on us. Positive or negative experience feedback are appreciated.


  • Sure. It will be some time before I actually get to it. A few of my plugins for 1.7 were relying on this, so once I get to porting them to 1.8, I will be sure to give feedback.

  • Hi!

    When I try to retreive a Request Token using: HTTP POST to http://myelgg/oauth/requesttoken

    The expected HTTP response body should be something like:

    but instead it's getting some HTML (the login page?) like
    <!DOCTYPE html PUBLIC [...]

    What's happening? Thx in advance!

  • @dterango: You're probably breaking the redirect that the system uses, which is dropping you back to the home page. Check your plugins for extraneous whitespace, this can sometimes cause that.

  • @Justin, just checked your source. As of Elgg 1.8.2 page_handler functions require a return of true, otherwise a 404 redirect is issued.

  • @Ismayil: Oh, thanks, didn't realize that had changed. The 1.8 version of the plugin (0.10.x) is still less tested than the 1.7 version. I'll pull a change together for that shortly, probably have it in today.

  • Hi, thx for your quick answer :)

    I'm trying to write an Android app and validate operations using OAUTH.

    I started requesting the token to myelgg/pg/oauth/requesttoken but didn't work. 'Wiresharking' messages, I found the server response 'HTTP 1.1/301 Moved Permanently' to myelgg/oauth/requesttoken (w/o pg) and oauth_token + oauth_token_secret + html code. Also, my client requested again to myelgg/oauth/requesttoken, obtaining http ok but 'Nonce already used' and no tokens.

    Next try, client app straightly asked to myelgg/oauth/requesttoken (w/o pg) obtaining again oauth_token + oauth_token_secret + html. I can strip html like:

    requestToken = consumer.getToken();
    oldTokenSecret = consumer.getTokenSecret();
    newTokenSecret = oldTokenSecret.substring(0, oldTokenSecret.indexOf("<!DOCTYPE"));
    consumer.setTokenWithSecret(consumer.getToken(), newTokenSecret);

    but it doesn't work cause retreiving the Access Token ends with 'Invalid Signature' :(

    So, this is what you mean with 'braking the redirect'?


  • Category: Authentication
  • License: GNU General Public License (GPL) version 2
  • Updated: 2014-11-17
  • Downloads: 17727
  • Recommendations: 13

Other Projects

View Justin Richer's plugins